Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We’re here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you’re a consumer, a techie or a D.C. lifer, we’re here to give you …
THE BIG STORY:
–TRUMP FIRES COMEY: President Trump fired FBI Director James Comey, the White House announced Tuesday afternoon. Trump fired Comey based on the recommendation of Attorney General Jeff Sessions and his deputy, Rod Rosenstein, White House press secretary Sean Spicer told reporters. “While I greatly appreciate you informing me, on three separate occasions, that I am not under investigation, I nevertheless concur with the judgment of the Department of Justice that you are not able to lead the bureau,” Trump wrote in a letter to Comey dated Tuesday. “It is essential that we find new leadership for the FBI that restores public trust and confidence in its vital law enforcement mission,” the president wrote. In a statement on Comey’s firing released by the White House, Trump called the FBI “one of our Nation’s most cherished and respected institutions,” adding, “today will mark a new beginning for our crown jewel of law enforcement.” The White House said that a search for a new permanent FBI director would “begin immediately. In March, Comey announced with the authorization of the Justice Department that the bureau was investigating alleged coordination between the Trump campaign and Russia during the 2016 presidential election.
{mosads}To read the rest of our piece, click here.
–…TRUMP THANKED COMEY FOR “INFORMING ME… I AM NOT UNDER INVESTIGATION”: In the letter dismissing Comey, President Trump wrote: “While I greatly appreciate you informing me, on three separate occasions, that I am not under investigation, I nevertheless concur with the judgment of the Department of Justice that you are not able to effectively lead the bureau.”
Click here for Trump’s full letter.
–…REACTIONS – JEFFREY TOOBIN: Jeffrey Toobin, CNN’s senior legal analyst, said on the network: “[This is] grotesque abuse of power, by the President of the United States.” “This is the kind of thing that goes on in nondemocracies,” he added. “That when there is an investigation that reaches near the president of the United States, or the leader of a nondemocracy, they fire the people who are in charge of the investigation. For more on Toobin’s reaction, click here.
–…GOP SENATORS GENERALLY OFFERED SUPPORT FOR THE DECISION: A number of Republican senators are offering support for President Trump’s bombshell decision to fire FBI Director James Comey. Sen. John Cornyn (R-Texas), the No. 2 Senate Republican, said he was “surprised” by the decision but that Comey serves at the “pleasure of the president.” “Obviously he’s been the center of controversy both among Democrats and Republicans at different times. … It sounds to me from reading the president’s letter that he lost confidence in him,” Cornyn told reporters. Sen. Lindsey Graham (R-S.C.), who has at times had a contentious relationship with Trump, also voiced support for the decision, saying that the FBI needs a “fresh start.” “Given the recent controversies surrounding the director, I believe a fresh start will serve the FBI and the nation well,” Graham said in one of the first statements released after Trump’s Tuesday evening announcement.
To read more, click here.
–…BUT THREE GOP CHAIRMAN RAISE CONCERNS: Three Senate Republican chairman with oversight of national security issues signaled Tuesday evening their concern over the sudden termination of FBI Director James Comey in the midst of his agency’s investigation of Russia’s influence over the White House. Senate Armed Services Committee Chairman John McCain (R-Ariz.) said Tuesday that he was “disappointed in the president’s decision to remove James Comey from office.” He said the unexpected dismissal in the midst of a probe into Russia’s interference in the 2016 presidential election and possible Russian government ties with senior advisers to President Trump warrants the appointment of a special prosecutor. Joining McCain, Senate Foreign Relations Committee Chairman Bob Corker (R-Tenn.) signaled Tuesday night that he is also concerned about the surprise development. Senate Intelligence Committee Chairman Richard Burr (R-N.C.) also said he is “troubled by the timing and reasoning of Director Comey’s termination.”
The Hill’s Alexander Bolton has more on the chairmen’s reactions here.
–…MCCONNELL FOCUSES ON SEARCH FOR NEW DIRECTOR: Senate Majority Leader Mitch McConnell (R-Ky.) steered clear of weighing in on President Trump’s firing of FBI director James Comey on Tuesday, instead stressing that it’s important for the Senate to confirm his successor. “Once the Senate receives a nomination, we look forward to a full, fair, and timely confirmation process to fill the Director position,” McConnell said in a statement. He added that the FBI director is a “critical role that is especially important as America faces serious threats at home and abroad.”
To read more on McConnell, click here.
-…DEMOCRATS CALLED THE FIRING ‘NIXONIAN’: Senate Democrats slammed President Trump on Tuesday for firing FBI Director James Comey amid the bureau’s investigation into ties between the Trump campaign and Russia, drawing comparisons to former President Richard Nixon. “This is Nixonian,” Sen. Bob Casey (D-Pa.) said in a statement. Sen. Patrick Leahy (D-Vt.) echoed that language, noting that Trump fired Comey “in the midst of one of the most critical national security investigations in the history of our country — one that implicates senior officials in the Trump campaign and administration.”
Click here for more reaction from Democrats.
–…SCHUMER CALLS FIRING A ‘BIG MISTAKE’: Senate Minority Leader Charles Schumer (D-N.Y.) says he told President Trump that his decision to fire FBI Director James Comey was a “big mistake.” “Earlier this afternoon President Trump called me and informed me he was firing Director Comey,” Schumer told reporters on Tuesday. “I told the president, ‘Mr. President, with all due respect, you are making a big mistake.’ ” He added that Trump didn’t “really respond” to his comment.
For more on Schumer, click here.
–…HOUSE OVERSIGHT DEM WANTS ‘EMERGENCY HEARINGS’: “Congress needs to have immediate emergency hearings to obtain testimony directly from Attorney General [Jeff] Sessions, the deputy attorney general and FBI Director Comey,” Rep. Elijah Cummings (D-Md.), the top Dem on the Oversight panel, said in a statement Tuesday. “The White House was already covering up for [former national security adviser] Michael Flynn by refusing to provide a single document to Congress, and now the President fired the one independent person who was doing the most to investigate President Trump and his [2016] campaign over allegations of coordination with Russia.”
For more on Cummings’ call for hearings, click here.
–… MORE COMEY LINKS:
Conservative pundit Charles Krauthammer called the firing ‘inexplicable’
Sessions was reportedly told to find reasons to fire Comey
DOJ cites Comey’s handling of Clinton case in firing
White House circulates negative stories about Comey after firing
Flashback: Trump praised Comey’s handling of the Clinton email probe in October
Clinton campaign team denounces Comey firing
THE NOT QUITE AS BIG STORIES:
–COMEY SLIPPED UP IN TESTIMONY: The FBI on Tuesday clarified testimony made by now-ex-Director James Comey before the Senate Judiciary Committee last week regarding the investigation into Hillary Clinton’s private email server. Comey had told the committee that longtime Clinton aide Huma Abedin forwarded “hundreds and thousands” of Clinton’s emails to her then-husband, former Rep. Anthony Weiner (D-N.Y.), to print out for the secretary of State. In fact, the bureau said in a letter sent to the Senate panel Tuesday that only a small number of the 49,000 relevant emails it uncovered on Weiner’s laptop had been forwarded manually. Most of the emails got onto the computer as a result of backups of her Blackberry. Just two of 12 total email chains including classified information were manually forwarded, the bureau said. All 12 chains had previously been reviewed by investigators. Comey told the committee last week that the bureau in October uncovered “hundreds and thousands” of emails sent by Abedin, some of which he said were classified. Pressed by Sen. Ted Cruz (R-Texas) on how Abedin could forward “hundreds or thousands of classified emails” without violating statute, Comey clarified: “If I said that, I misspoke. She forwarded hundreds and thousands of emails, some of which contain classified information.”
To read the rest of our piece, click here.
–NSA HEAD HINTS AGENCY KNEW RUSSIA WAS BEHIND MACRON LEAKS: The leader of the NSA and Cyber Command on Tuesday said the U.S. alerted France to possible Russian involvement in their election. Admiral Mike Rogers treaded carefully in testimony before the Senate Armed Services Committee, but said the U.S. knew of Russian activity before the emails of French president-elect Emmanuel Macron leaked onto the internet. “If you take a look at the French elections — again unclassified hearing, not going to get into specifics — we had become aware of Russian activity,” said Rogers. “We talked to our French counterparts prior to the announcement of the events that were publicly attributed this past weekend.” Friday evening, days before the Sunday’s French election, emails and other files from the campaign Macron leaked onto the internet. No formal attribution has been made by either the U.S. or France. While Rogers alluded to the leaks, he stopped short of identifying Russia as the culprit. Though he did not say if he contacted the French in regards to leaks or to other hacking, Rogers said he had told the French the U.S. was “watching the Russians penetrating some of your infrastructure” and offered U.S. assistance.
–DEMS WANT DEETS ON FCC CYBERATTACK:
Sens. Ron Wyden (D-Ore.) and Brian Schatz (D-Hawaii) are asking the Federal Communications Commission for information about the agency’s claim that it had been the target of cyberattacks after being criticized by late night comedian John Oliver on Sunday. The two Democrats sent a letter to FCC Chairman Ajit Pai with a list of questions about the FCC’s claim on Monday that its comment filing system had been hit with a distributed denial of service (DDoS) attack “DDoS attacks against federal agencies are serious — and doubly so if the attack may have prevented Americans from being able to weigh in on your proposal to roll back net neutrality protections,” they wrote. “Any potentially hostile cyber activities that prevent Americans from being able to participate in a fair and transparent process must be treated as a serious issue.” On Sunday night, Oliver tore into Pai over his plans to repeal the agency’s net neutrality rules, and urged his audience to file comments in support of the regulations on the FCC’s website. The site later slowed to a crawl and many attributed it to the flood of responses prompted by Oliver. But the next day, FCC chief information officer David Bray said that the site was disrupted by malicious actors and not legitimate commenters. Fight for the Future, a pro-net neutrality advocacy group, said that it was skeptical of the claim and suggested that the FCC may be intentionally misleading the public in order to save face in the midst of the backlash.
To read the rest of our piece, click here.
–STATE DEPT. PICK HAS STRONG WORDS ON RUSSIA:
President Trump’s choice for deputy secretary of State said Tuesday that Russian interference in democratic elections poses a “profound threat to our way of life.” John Sullivan, a lawyer and former official in the George W. Bush administration, called for a “robust” response to Moscow’s use of cyberattacks and disinformation to influence the 2016 presidential election. Sullivan was responding to questioning from Sen. Christopher Coons (D-Del.) during his confirmation hearing before the Senate Foreign Relations Committee Tuesday morning. Coons referred to evidence that Russia has also tried to sway European elections, including last weekend’s French presidential election and the upcoming election in Germany. “It’s a persistent threat that we face, most recently from Russia in our election, and as you mentioned in the elections in Europe, in France and the Netherlands, and upcoming elections in Germany and Italy next year or maybe later this year,” Sullivan said.
To read the rest of our piece, click here.
A POLICY UPDATE:
VOTING MACHINES: Sen. Angus King (I-Maine) sent a letter to Senate Appropriations leadership Tuesday calling for $160 million to supply states with voting machines that provide a paper record.
“Rational analysis concludes that our voting equipment will certainly be subject to sophisticated cyberattacks that are likely to change election outcomes without detection,” King wrote in his letter to Sens. John Boozman (R-Ark.) and Jon Tester (D-Mont.).
Many of the digital voting machines that were purchased to help disabled and hard-of-sight voters do not provide a paper record of votes. That makes it harder to audit vote tallies if hacking or other tampering is suspected. Paper records cannot be altered by malware.
“A simple and effective solution to the cybersecurity vulnerability of our voting systems is available immediately: audit the results of elections instead of trying to secure computer systems,” King wrote in his letter.
To read the rest of our piece, click here.
A LIGHTER CLICK:
MORE OF AN ANARCH-ISH COMMUNITY: Today’s best headline – “Redditors on r/Anarchism Are Angry That They Have to Follow the Rules.”
TWO REPORTS IN FOCUS:
THE NEW, NEW INTERNET OF THINGS BOTNET:
Researchers at Trend Micro have discovered a new internet of things botnet ready to launch distributed denial of service (DDoS) attacks – attacks that overwhelm servers with simultaneous traffic, causing them to malfunction.
DDoS require vast networks of computers, almost always built by roping together hacked systems into a network called a botnet. There was a time when those systems were typically laptops, desktops and servers. But thanks to lax security design, attackers now build these networks out of internet-connected devices, like security cameras.
Last year, a program that created these botnets called Mirai briefly blacked out Twitter, Netflix, Etsy and The New York Times after it knocked out a critical internet switchboard necessary to reach those sites.
Earlier this year, a separate program known as Hajime began targeting the same targets, leading to a turf battle between the two.
The cybersecurity firm Trend Micro announced Tuesday the discovery of a new, large scale botnet program it is calling Persirai. Persirai targets more than a thousand types of internet cameras. A cursory internet search found more than 100,000 of those cameras are already connected to the internet.
It is very difficult to stop these IoT networks. Cheaply made products are likely to have security flaws. People are not likely to pay for the more expensive devices when they aren’t the likely target of DDoS attacks, and it’s nearly impossible to regulate. After all, the U.S. has no control over the cheap Chinese-made DVRs being sold in other countries.
–MICROSOFT OFFICE:
Researchers discovered three distinct hacker groups using similar, previously unknown security flaws in Microsoft Office to attack victims.
Two of the groups are previously known as suspected Russian espionage teams, and the third group appears to have used the same code to rob banks.
The trio was uncovered by the security firm FireEye.
The hackers took advantage of two flaws in how Microsoft Office handled graphics files using Encapsulated PostScript (.EPS). In each of the attacks, hackers would send an Office file designed to hide malware.
The group APT 28, also known as Fancy Bear and best known for conducting the Democratic National Committee hack, as well as a group targeting Middle Eastern banks, both used the same flaw to launch attacks. Turla, a different suspected Russian hacking group, discovered by Kaspersky Lab in 2014, used a different EPS bug.
FireEye reported that the suspected Russian hacking outfits had attacked political targets in NATO member states.
The APT 28 and Turla attacks used the software vulnerabilities to install malware specific to the two groups. The bank robber group used known financial malware known as Netwire.
All three also needed to take advantage of additional security vulnerabilities to get enough access to install their wares.
In APT 28’s case, they used an additional previously unknown security flaw.
To read the rest of our piece, click here.
WHO’S IN THE SPOTLIGHT:
EUGENE KASPERSKY:
U.S. government officials, including the Senate Intelligence Committee and members of the intelligence community are allegedly concerned that the Russian-headquartered security software manufacturer Kaspersky Lab might be colluding with the Russian government, claims the company denies and the cybersecurity community has never put much stock into.
Homeland Security, reports ABC News, issued a secret warning to avoid use of the company’s products in February.
This isn’t the first time someone has accused Kaspersky Lab of potentially using its software to undermine America. Similar allegations came out in 2015, when Bloomberg published a piece describing Eugene Kaspersky’s friendship with government officials including those from the FSB – the Russian intelligence agency.
“I know Eugene and many of his GReAT team. All excellent and reputable,” tweeted the cybersecurity consultant Jeffrey Carr who runs the Suits and Spooks intelligence conference.
We don’t know what Homeland Security or the intelligence community knows, but we do know what allegations have been made in the past.
Eugene Kaspersky was trained at a KGB-sponsored university and worked intelligence. He is known to have close friends within political ranks, including the FSB.
And there’s always the potential the company could be infiltrated without his knowledge
At the same time, Kaspersky Labs research wing has uncovered Russian espionage groups in the past. The company has done good work against other countries, too, and employs a number of well-known researchers in sites around the world, including the United States.
In a statement, Kaspersky denied the allegations.
“As a private company, Kaspersky Lab has no ties to any government, and the company has never helped, nor will help, any government in the world with its cyberespionage efforts. The company has a 20 year history in the IT security industry of always abiding by the highest ethical business practices, and Kaspersky Lab believes it is completely unacceptable that the company is being unjustly accused without any hard evidence to back up these false allegations”
As it presently stands Kaspersky products or services are used in the United States government from the State Department to the Treasury.
IN CASE YOU MISSED IT:
Links from our blog, The Hill, and around the Web.
An anti-propaganda campaign against ISIS raised an interesting question: When it comes to cyber operations, how much do we tell our allies? (The Hill)
Sen. John McCain (R-Ariz.) was a frequent critic of Obama for lacking consistent, coherent cybersecurity strategy. His patience with President Trump to create a strategy has run out. (The Hill)
The White House defended its 18-day delay in the firing of Michael Flynn. (The Hill)
The FTC’s role in guarding consumer privacy from internet providers is headed back to court. (The Hill)
The Windows update that came out today is particularly important. Update your system! (Krebs on Security)
USA Today wants the FBI to investigate bots on Facebook. (BBC)
The case against prosecuting Julian Assange. (Just Security)
If you’d like to receive our newsletter in your inbox, please sign up here.